fs: ecryptfs: replace deprecated strncpy with strscpy
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and less ambiguous string
interfaces. A good alternative is strscpy() as it guarantees
NUL-termination on the destination buffer.
In crypto.c:
We expect cipher_name to be NUL-terminated based on its use with
the C-string format specifier %s and with other string apis like
strlen():
| printk(KERN_ERR "Error attempting to initialize key TFM "
| "cipher with name = [%s]; rc = [%d]\n",
| tmp_tfm->cipher_name, rc);
and
| int cipher_name_len = strlen(cipher_name);
In main.c:
We can remove the manual NUL-byte assignments as well as the pointers to
destinations (which I assume only existed to trim down on line length?)
in favor of directly using the destination buffer which allows the
compiler to get size information -- enabling the usage of the new
2-argument strscpy().
Note that this patch relies on the _new_ 2-argument versions of
strscpy() and strscpy_pad() introduced in Commit e6584c3964
("string:
Allow 2-argument strscpy()").
Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: <linux-hardening@vger.kernel.org>
Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20240321-strncpy-fs-ecryptfs-crypto-c-v1-1-d78b74c214ac@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
7dcbf17e3f
commit
f700b71927
@ -1606,9 +1606,7 @@ ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name,
|
||||
goto out;
|
||||
}
|
||||
mutex_init(&tmp_tfm->key_tfm_mutex);
|
||||
strncpy(tmp_tfm->cipher_name, cipher_name,
|
||||
ECRYPTFS_MAX_CIPHER_NAME_SIZE);
|
||||
tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
|
||||
strscpy(tmp_tfm->cipher_name, cipher_name);
|
||||
tmp_tfm->key_size = key_size;
|
||||
rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm,
|
||||
tmp_tfm->cipher_name,
|
||||
|
@ -256,11 +256,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
|
||||
substring_t args[MAX_OPT_ARGS];
|
||||
int token;
|
||||
char *sig_src;
|
||||
char *cipher_name_dst;
|
||||
char *cipher_name_src;
|
||||
char *fn_cipher_name_dst;
|
||||
char *fn_cipher_name_src;
|
||||
char *fnek_dst;
|
||||
char *fnek_src;
|
||||
char *cipher_key_bytes_src;
|
||||
char *fn_cipher_key_bytes_src;
|
||||
@ -293,12 +290,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
|
||||
case ecryptfs_opt_cipher:
|
||||
case ecryptfs_opt_ecryptfs_cipher:
|
||||
cipher_name_src = args[0].from;
|
||||
cipher_name_dst =
|
||||
mount_crypt_stat->
|
||||
global_default_cipher_name;
|
||||
strncpy(cipher_name_dst, cipher_name_src,
|
||||
ECRYPTFS_MAX_CIPHER_NAME_SIZE);
|
||||
cipher_name_dst[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
|
||||
strscpy(mount_crypt_stat->global_default_cipher_name,
|
||||
cipher_name_src);
|
||||
cipher_name_set = 1;
|
||||
break;
|
||||
case ecryptfs_opt_ecryptfs_key_bytes:
|
||||
@ -326,11 +319,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
|
||||
break;
|
||||
case ecryptfs_opt_fnek_sig:
|
||||
fnek_src = args[0].from;
|
||||
fnek_dst =
|
||||
mount_crypt_stat->global_default_fnek_sig;
|
||||
strncpy(fnek_dst, fnek_src, ECRYPTFS_SIG_SIZE_HEX);
|
||||
mount_crypt_stat->global_default_fnek_sig[
|
||||
ECRYPTFS_SIG_SIZE_HEX] = '\0';
|
||||
strscpy(mount_crypt_stat->global_default_fnek_sig,
|
||||
fnek_src);
|
||||
rc = ecryptfs_add_global_auth_tok(
|
||||
mount_crypt_stat,
|
||||
mount_crypt_stat->global_default_fnek_sig,
|
||||
@ -348,12 +338,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
|
||||
break;
|
||||
case ecryptfs_opt_fn_cipher:
|
||||
fn_cipher_name_src = args[0].from;
|
||||
fn_cipher_name_dst =
|
||||
mount_crypt_stat->global_default_fn_cipher_name;
|
||||
strncpy(fn_cipher_name_dst, fn_cipher_name_src,
|
||||
ECRYPTFS_MAX_CIPHER_NAME_SIZE);
|
||||
mount_crypt_stat->global_default_fn_cipher_name[
|
||||
ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0';
|
||||
strscpy(mount_crypt_stat->global_default_fn_cipher_name,
|
||||
fn_cipher_name_src);
|
||||
fn_cipher_name_set = 1;
|
||||
break;
|
||||
case ecryptfs_opt_fn_cipher_key_bytes:
|
||||
|
Loading…
Reference in New Issue
Block a user